1. Field of the Invention
The present invention relates to an image forming apparatus, a control method therefor, and a storage medium, and more particularly to a method of updating firmware of a digital multifunction machine or the like by means of an encrypted file.
2. Description of the Related Art
Updating of firmware of a digital multifunction machine or the like is frequently performed for the purpose of fixing defects or adding functions after the machine is released to a market. When delivering a file for updating firmware to a digital multifunction machine via a network, signature encryption is performed with respect to the file to be delivered, so that the firmware is not tampered with and fraudulent updating is not performed.
Further, from the user's viewpoint the time required for updating the firmware constitutes downtime of the relevant device, and it is thus desirable to shorten the updating time as much as possible to reduce the downtime. Therefore, a differential update is performed in which the firmware is divided into a plurality of package files, differential package files are identified in advance, and only the required package files are downloaded and updated.
In a case of a differential update, signature encryption is performed with respect to each package file constituting the firmware. Since the entire firmware is constituted by a combination of respective package files, it is necessary to ensure that the information regarding the combination of package files is not itself tampered with. For example, there has been proposed a method for ensuring that downloading or updating of a program that was tampered with is not performed in which hash values of respective files that constitute a program to be updated are calculated to create a table, and the table is encrypted (see Japanese Laid-Open Patent Publication (Kokai) No. 2011-100328).
On the other hand, with respect to updating firmware, a method is available in which a firmware delivery server provided by a manufacturer is used to deliver firmware via a network to users that have entered a firmware delivery contract. Further, with respect to users that have not entered a firmware delivery contract, by making firmware that can be used for updating publicly available on a website provided by a manufacturer, the users themselves can carry out a firmware update.
In a case where a user has entered a firmware delivery contract with a manufacturer, fundamentally, a situation does not arise in which the user directly handles file information (information relating to a combination of package files or the like) of the firmware that is delivered.
However, in a case where firmware that can be used for updating is made publicly available on a website provided by a manufacturer, a general user downloads the firmware onto their PC and directly performs operations with respect to the firmware. Therefore, a case arises in which a user directly handles file information of the firmware.
To prevent tampering with respect to firmware that is delivered or downloaded, although it is conceivable to encrypt the entire firmware that is constituted by a plurality of packages, if the entire firmware is encrypted, a differential update cannot be performed and there is a concern that the updating time will increase. In order to perform a differential update, it is necessary to enable delivery of firmware in package units.
In a case where a user enters a firmware delivery contract with a manufacturer, and firmware is delivered directly from a firmware delivery server provided by the manufacturer, since opportunities for tampering with the firmware are reduced, it is possible to distribute the firmware in package units.
However, in a case where firmware is made publicly available to general users, in order to prevent tampering with respect to the combination of package files, distribution of firmware in package units cannot be performed.